CVE-2025-64419: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in coollabsio coolify
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pack "docker compose"), the attacker can execute commands on the Coolify instance as root. Version 4.0.0-beta.445 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-64419 is a critical command injection vulnerability identified in Coolify, an open-source, self-hostable platform for managing servers, applications, and databases. The vulnerability stems from improper neutralization of special elements (CWE-77) in parameters extracted from docker-compose.yaml files prior to version 4.0.0-beta.445. Specifically, when a user creates an application using the "docker compose" build pack from a repository controlled by an attacker, unsanitized parameters are passed directly into system commands executed by Coolify. This lack of input validation allows the attacker to inject arbitrary shell commands, which are executed with root privileges on the Coolify host. The vulnerability is remotely exploitable without authentication but requires user interaction in the form of creating an application from a malicious repository. The CVSS v3.1 score of 9.7 reflects the vulnerability's critical nature, with network attack vector, low attack complexity, no privileges required, user interaction required, and complete compromise of confidentiality, integrity, and availability. Although no public exploits have been reported, the risk is high due to the potential for full system takeover. The issue was addressed in version 4.0.0-beta.445 by implementing proper sanitization and validation of docker-compose.yaml parameters before command execution.
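The pattern behind this bug class, as an added illustration that is not Coolify's own code: compose values spliced into a single shell string, next to the same values validated against an allow-list and passed as an argv list. The compose content, service names and allow-list patterns are constructed assumptions.

```python
import re
import shlex

# Constructed sample: the parsed form of a docker-compose.yaml taken from an
# untrusted repository. The second service carries shell metacharacters in a
# field that a deploy tool might splice into a command line.
COMPOSE = {
    "services": {
        "web": {"image": "nginx:1.27", "container_name": "web-prod"},
        "evil": {"image": "nginx:1.27", "container_name": "web; echo injected"},
    }
}

# The bug class: building one shell string from compose values. A ';' in
# container_name ends the docker command and starts a second one.
def build_command_unsafe(service: dict) -> str:
    return f"docker run --name {service['container_name']} {service['image']}"

# Allow-lists for the two fields used here (assumption: deliberately stricter
# than Docker's own grammar; a deploy tool can afford to reject odd names).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$")
SAFE_IMAGE = re.compile(r"^[a-z0-9][a-z0-9._/-]*(:[A-Za-z0-9_.-]+)?(@sha256:[0-9a-f]{64})?$")

def validate_service(name: str, service: dict) -> list[str]:
    """Return the problems found; an empty list means the values may be used."""
    problems = []
    if not SAFE_NAME.match(service.get("container_name", name)):
        problems.append(f"{name}: container_name has disallowed characters")
    if not SAFE_IMAGE.match(service.get("image", "")):
        problems.append(f"{name}: image reference has disallowed characters")
    return problems

def build_command_safe(service: dict) -> list[str]:
    """Argv list for subprocess.run(..., shell=False): no shell parses the values."""
    return ["docker", "run", "--name", service["container_name"], service["image"]]

def build_shell_line_safe(service: dict) -> str:
    """When a shell string is unavoidable (e.g. sent over SSH), quote every argument."""
    return shlex.join(build_command_safe(service))

def check_compose(compose: dict) -> dict[str, list[str]]:
    """Validate every service before any command is built."""
    return {n: validate_service(n, s) for n, s in compose["services"].items()}

if __name__ == "__main__":
    for name, service in COMPOSE["services"].items():
        problems = validate_service(name, service)
        print(f"{name}: unsafe string -> {build_command_unsafe(service)!r}")
        print(f"{name}: {'REJECTED ' + str(problems) if problems else build_shell_line_safe(service)}")
```

Validation runs before any command is assembled, so a rejected service never reaches the argv builder; the argv form is the primary defence and quoting is the fallback for the SSH case.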
Potential Impact
For European organizations, exploitation of this vulnerability could lead to complete compromise of Coolify instances, resulting in unauthorized root-level command execution. This can lead to data breaches, service disruption, lateral movement within networks, and deployment of further malware or ransomware. Organizations relying on Coolify for managing critical infrastructure, applications, or databases face significant operational risks. The attack vector involving malicious repositories could also facilitate supply chain attacks, undermining trust in development workflows. Given the criticality and ease of exploitation, organizations could experience severe confidentiality, integrity, and availability impacts, potentially affecting business continuity and regulatory compliance, especially under GDPR mandates. The threat is particularly relevant for organizations adopting containerized deployments and DevOps automation, which are prevalent in European tech sectors.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should immediately upgrade all Coolify instances to version 4.0.0-beta.445 or later, where the issue is fixed. Until upgrades are complete, restrict the creation of applications from untrusted or external repositories, especially those using the "docker compose" build pack. Implement strict repository whitelisting and code review processes to prevent malicious code injection. Employ network segmentation and least privilege principles to limit the impact of potential compromises. Monitor Coolify logs and system activity for unusual command executions or repository usage patterns. Additionally, consider container runtime security tools to detect anomalous behaviors. Regularly audit and update DevOps toolchains to ensure dependencies and management platforms are current and secure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-03T22:12:51.363Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695c0f8a3839e441758c3632
Added to database: 1/5/2026, 7:22:50 PM
Last enriched: 1/5/2026, 7:37:30 PM
Last updated: 1/8/2026, 1:41:32 PM